Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Xcacls Problems : resetting home directories for individual users

Posted on 2006-06-19
15
Medium Priority
?
406 Views
Last Modified: 2010-04-18
I have previously asked a question similar to this when i was figuring out the actual syntax to use for the command.  Now i have done that and have seen the command working i have a further query;

The below command seems to work in the login script as a .CMD file when i am logged in as myslef (a domain admin) but when the script runs when a normal user logs in it returns with 'ERRROR The filename, directory name or volume label syntax is incorrect'

\\[servername]\xcacls.exe "\\[servername]\home\%username%" /T /E /C /G %username%:f /y
pause (just to see it step through)

Just wondering if any expert has any pearls of wisdom on this, before i resort to resetting all home directory access manually and individually.

ANy help would be much appreciated

Thanks
leon

0
Comment
Question by:leont
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 2
  • +1
15 Comments
 
LVL 40

Expert Comment

by:Richard Quadling
ID: 16933493
Hi leont,


I think you can only grant rights if the USER running the script has the ability to play with rights.

You cannot (for example) give yourself superduper rights if you are guest.

When you are logging in, the "user" running the script is NOT the same user logging in. This is why you would use the login script to set the rights.

Regards,

Richard Quadling.
0
 
LVL 6

Expert Comment

by:Azhrei1
ID: 16933501
can you access the username share on that server while logged in as the user?

http://technet2.microsoft.com/WindowsServer/en/Library/8ec308b8-9229-44bb-acad-707ec1b7f0a91033.mspx?mfr=true
0
 

Author Comment

by:leont
ID: 16933561
Thanks for the quick response, in response to Azhrei1's query, they cannot access thier own directories this is why i was looking to do it via login script (xcacls) otherwise i will have to go through every users home profile directory to reset the access right so only they have full control access to their own directories.  Rquadling, i had a feeling it would be something like that, looks like theres no quick way to do this then?

Leon
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 6

Expert Comment

by:Azhrei1
ID: 16933574
I will have to agree with Richard, Leon :(
0
 
LVL 40

Expert Comment

by:Richard Quadling
ID: 16933609
OOI. Why not jus leave it in the Login script?

If they don't login, they can't access their files!

If they do, the login script sets the rights and they can access their files.

I don't see any problem.
0
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points
ID: 16933664
Since the user name and the folder name are identical, it's not too difficult to change those permissions at once.
Open a command prompt and enter a test command first (replacing the servername, obviously):
for /d %a in ("\\[servername]\home\*.*") do @ECHO @xcacls "%a" /T /E /C /G %Userdomain%\%~nxa:f /y
If this generates the correct output, remove the @echo above:
for /d %a in ("\\[servername]\home\*.*") do @xcacls "%a" /T /E /C /G %Userdomain%\%~nxa:f /y

If you prefer to put this into a batch script, replace the "%a" by "%%a" (the ECHO for the test mode is still there):

@echo off
for /d %%a in ("\\[servername]\home\*.*") do ECHO xcacls "%%a" /T /E /C /G %Userdomain%\%%~nxa:f /y
0
 

Author Comment

by:leont
ID: 16933676
Hi RQuadling, Thats the root problem, all the home drives where migrated from one server to another and they lost their individual full control access rights and thats what i'm trying to restore when they logon so only the user logging in can access thier own home drive and no one elses, that script works if its a domain admin user logging in but doesn't when the normal user logs in

leon
0
 
LVL 40

Expert Comment

by:Richard Quadling
ID: 16933766
Aha!

Hmm.

I was just about to suggest oBdA's answer. As the usernames are the directory names, then a one shot of for /D will do the trick.
0
 

Author Comment

by:leont
ID: 16933976
i will have a look at that.

Thanks
0
 

Author Comment

by:leont
ID: 16949406
Hi everyone sorry for the delay in responding to close this question, wondering if someone could advise, as while i agree some of the suggestions may work in certain circumstances, i have eventually reverted to way i was originally going to do it so don't know who to assign the points to.  I was going to split the points between RQuading and oBdA, if anyone has any problems with this please let me know.

Thanks
Leon
0
 
LVL 40

Expert Comment

by:Richard Quadling
ID: 16949416
What way did you use?
0
 
LVL 40

Expert Comment

by:Richard Quadling
ID: 16949421
I have to say that oBdA's answer is right on the button for a one off fix.
0
 

Author Comment

by:leont
ID: 16966684
Thanks RQuading, i'll give oBdA the points then if thats ok.  In answer to your first question i took the cowards wayout of this one and reset all the home drive directories to a path that didn't exist i.e.

\\[servername]\homes\%username% (where homes doesn't exist) then went into each individual AD settings and changed it to;
\\[servername]\home\%username% and when the re-mapping is applied it resets the access for the user.

Long winded I know, good job i've only got around 400 users!!

thanks everyone.  I will look into the oBdA gave for future use but not that use to scripting, so i'll look through and figure out what that script actually does for myself.

again many thanks.

Leon
0
 
LVL 85

Expert Comment

by:oBdA
ID: 16966861
Have a look here, nice resources for batch scripting: http://www.robvanderwoude.com/
0
 

Author Comment

by:leont
ID: 16982888
Many thanks oBdA

Leon
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question